|
PHP - Serving Images
I thought that after a fully sanitizing scrub of uploaded images, a simple display gallery would suffice. Then I was advised to change image names and rename directories for added security. Yet after all these precautions, it seems it's still insecure to exhibit user images? I recall a suggestion to have images SERVED (rather than using HTML <img> tag), but cannot find a method, starting point, or clear rationale for this. Guidance, advice, and insight to point me in the right direction, please. Edited April 9 by phppupTypos Similar Tutorialsim trying to play large files from under the webroot to an html5 video tag. Nothing is working. So i made a sym link to the folder and just header_location to the file. and now when i tell html5 to play /video/play it works but, when i open firebug net tab, i can see the requests are for the full URL to the video file, not the video/play that html5 is using. Obviously because header_location will show the full path. Is there any ways you guys think what im doing is possible? If not, how can i make it that the browser can play the video files, but the user can't go there directly in their browser? Dear PHPFreak members, I have been searching a solution for serving a file download via my website. The file to be downloaded is actually on a remote server. What i need is a code that serves as a download medium without actually downloading the file to my web server. Something like masking file url Can anyone help me with it ??? Have been trying this since days. But no solution till date. I have this script from http://lampload.com/...,view.download/ (I am not using a database) I can upload images fine, I can view files, but I want to delete them. When I press the delete button, nothing happens
http://www.jayg.co.u...oad_gallery.php
<form>
<?php $dir = dirname(__FILENAME__)."/images/gallery" ; $files1 = scandir($dir); foreach($files1 as $file){ if(strlen($file) >=3){ $foil = strstr($file, 'jpg'); // As of PHP 5.3.0 $foil = $file; $pos = strpos($file, 'css'); if ($foil==true){ echo '<input type="checkbox" name="filenames[]" value="'.$foil.'" />'; echo "<img width='130' height='38' src='images/gallery/$file' /><br/>"; // for live host //echo "<img width='130' height='38' src='/ABOOK/SORTING/gallery-dynamic/images/gallery/ $file' /><br/>"; } } }?> <input type="submit" name="mysubmit2" value="Delete"> </form>
any ideas please?
thanks
Hey every i'm just trying to change my 'Read More' text after a blog post on my site into am image. Got some code that lets me change the actual text to something else, just can't find how to change the text into an image. Code: [Select] add_filter( 'the_content_more_link', 'child_content_more_link', 10, 2 ); function child_content_more_link( $more_link, $more_link_text ) { return str_replace( $more_link_text, 'my new read more text', $more_link ); } Thanks, Matty44m Hi guys I just want to know something. With php you can handle excel files by saving them as .csv files. Then the php script reads it line by line, and commas separating the fields. But is it possible that I can insert an image (small jpg or png) file in one of these fields...and then handle the image in the php script? Just for intrest I inserted an image in excel worksheet and it did not insert it into a cell, it float. Is there maybe another to insert it in the cell and then control it with php?? Thanx in advance Ok, I have a GD image that is then rewrote as a png. My question is, is it possible to find out what site is requesting the image and then use it on the php image. Example, if I didn't want a domain to use my images, could I somehow me able to restirict that site? Hi, There are 10 images in a folder called "Images". All images are named like 1.jpg, 2.jpg, 3.gif, 4.png, and so on... I am using these images on my website with this link: MyDomain.com/Images/1.jpg Now what i want to do is change the image every minute. from 1... to ...10 all images one by one, every minute... Link should remain same, but it should give different image every time. and if someone copies my link of image, it still gets changed every minute. i hope to get some help, better with some example code... Thanks! This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=346417.0 Hello... I have some simple code but no ideas for upload another image?? PHP stores image name in database but there is no second picture uploaded in the images/ folder. Pls help. Thanks if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 2000000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "<strong>Slika:</strong> " . $_FILES["file"]["name"] . "<br />"; echo "<strong>Format slike:</strong> " . $_FILES["file"]["type"] . "<br />"; echo "<strong>Velicina:</strong> " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "<strong>Temp file:</strong> " . $_FILES["file"]["tmp_name"] . "<br />"; // here is mistake??? move_uploaded_file($_FILES["file"]["tmp_name"], "images/" . $_FILES["file"]["name"]); // $sql="INSERT INTO test (name, something, slika, slika2) VALUES ('".$_POST['name']."', '".$_POST['something']."', '".$_FILES['file']['name']."', '".$_FILES['slika1']['name']."')"; if (mysql_query($sql)) { echo "Sucess"; } else { echo "Error" . mysql_error(); } } } else { echo "Invalid file"; } ?> Hello all , I am facing a problem when trying to to show image files generated from php code in IE8 . it is working fine on firefox and IE9 . but in IE8 its showing the famous red X instead of the image ; belw is the code: Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html dir="RTL" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:v="urn:schemas-microsoft-com:vml" lang="en-us" > <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <head> <title>header </title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <?php mb_internal_encoding('UTF-8'); /** * @author IT Department * @copyright 2011 */ INCLUDE ("header.php"); INCLUDE ("connect.php"); if (isset($_GET['id'])) { $ID=$_GET['id']; $sql="select employees.USER_ID, employees.NAME_ARAB, employees.NAME_ENG, employees.TITLE_ARAB, employees.TITLE_ENG, department.DEP_NAME_ENG, department.DEP_NAME_ARAB, location.LOC_DESC_ENG, location.LOC_DESC_ARAB, employees.MOBILE, employees.EMAIL, employees.DEP, employees.LOC FROM employees,location,department WHERE employees.DEP=department.DEP_ID AND employees.LOC=location.LOC_ID and employees.USER_ID=$ID "; //echo $sql; $result=mysql_query($sql,$link); mysql_query("SET NAMES 'utf8'"); ECHO '<html DIR="RTL">'; echo "<table width=100% border='1' cellpadding='8' align='center' bgcolor='white'>"; while ($row = mysql_fetch_array($result, MYSQL_NUM)) { //$row = mysql_fetch_assoc($result); echo"<tr align='center'>"; echo"<td>"; ECHO " الرقم الوظيفي :"; echo"</td>"; echo"<td colspan='2'>"; ECHO "<strong>$row[0]</strong>"; echo"</td>"; echo"<td>"; ECHO " : User ID "; echo"</td>"; echo"<td rowspan='7'>"; ECHO "<img src='IMAGE.php?id=".$row[0]."' width='225' height='300'/>"; //the image echo"</td>"; echo "</tr>"; the php image file is : Code: [Select] <?php INCLUDE ("connect.php"); $ID = "'".$_GET['id']."'"; $sql="SELECT PHOTO FROM employees WHERE USER_ID=$ID"; $result=mysql_query($sql,$link); $row = mysql_fetch_array($result); header("Content-type: image/pjpeg"); print ( $row[0]); ?> Thanks in advance for your help Hi all, while I was coding a script for my website something struck me which ive not really got an idea how to code it, but anyway, in my Database ive got a table which holds image URL's but how could I echo them out in PHP which will show the image? Not just the writing. Thanks for your help. I am absolutley stumped with this: im trying to have PHP get the size of an image that has been uploaded to mySQL, and return it to a certain size, lets say 200X200px. The problems im having to finding an existing script to help me understand - and then fit it into a table? All the help from google searches seem to suggest using software, but i would like to learn how to do this properly. First off the upload script: Code: [Select] <?php error_reporting(E_ALL); ini_set("display_errors", 1); echo '<pre>' . print_r($_FILES, true) . '</pre>'; //This is the directory where images will be saved $target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES"; $target = $target . basename( $_FILES['upload']['name']); //This gets all the other information from the form $company_name=$_POST['company_name']; $basicpackage_description=$_POST['basicpackage_description']; $location=$_POST['location']; $postcode=$_POST['postcode']; $upload=($_FILES['upload']['name']); // Connects to your Database mysql_connect("server", "user", "password") or die(mysql_error()) ; mysql_select_db("removalspacelogin") or die(mysql_error()) ; //Writes the information to the database mysql_query("INSERT INTO `Companies` (company_name, basicpackage_description, location, postcode, upload) VALUES ('$company_name', '$basicpackage_description', '$location', '$postcode', '$upload')") ; echo mysql_error(); //Writes the photo to the server if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". basename( $_FILES['upload']['name']). " has been uploaded, and your information has been added to the directory"; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file."; } ?> this works great, it uploads the users pictures. This displays them out: Code: [Select] <?php $database="removalspacelogin"; mysql_connect ("server", "user", "password"); @mysql_select_db($database) or die( "Unable to select database"); $result = mysql_query( "SELECT company_name, location, postcode, basicpackage_description, premiumuser_description, upload FROM Companies" ) or die("SELECT Error: ".mysql_error()); $num_rows = mysql_num_rows($result); print "\n\n\nThere are $num_rows records.<P>"; echo "<table><tr><th>Comppany Name</th><th>Location</th><th>Postcode</th><th>Basic Members</th><th>Upgraded Users</th><th>Company Logo</th></tr><tr><td></td><td></td><td></td><td></td><td></td><td></td></tr>";// store the records into $row array and loop through while ( $row = mysql_fetch_array( $result, MYSQL_ASSOC ) ) { // Print out the contents of the entry echo "<tr><td>{$row['company_name']}</td>"; echo "<td>{$row['location']}</td>"; echo "<td>{$row['postcode']}</td>"; echo "<td>{$row['basicpackage_description']}</td>"; echo "<td>{$row['premiumuser_description']}</td>"; echo "<td><img src=\"http://www.removalspace.com/images/COMPANIES{$row['upload']}\" alt=\"logo\" /></td></tr>";} echo "</table>"; ?> Right now all the information in my table is fine except the image coloumn, the images are all the same size as they went in, i'd like them to all be one size so there in a uniformed fashion. But need all the rest of the mySQL table displayed, so how does it fit into my script to display the table? Many thanks!??? I have a site where I need to have lets call it image1 displayed, then I want to change this image based on a php if statement, for instance: if $var == $var2 change the image ....blah blah so I was also going to have the names of my images stored in my database, i.e. image1.jpg and image2.jpg in my database. the image is in its own div tag set as the background image of the div tag if that makes any diference. Thanks Ok I have finally got rid of my syntax errors with this upload script. Now im getting the error uploading your image. My folders are called project_files and project_thumbs. This is my script <?php $results = ""; error_reporting(E_ALL); ini_set("display_errors", 1); //Auto Thumbnail Function function create_thumbnail($source,$destination, $thumb_width) { $size = getimagesize($source); $width = $size[0]; $height = $size[1]; $x = 0; $y = 0; if($width> $height) { $x = ceil(($width - $height) / 2 ); $width = $height; } elseif($height> $width) { $y = ceil(($height - $width) / 2); $height = $width; } $new_image = imagecreatetruecolor($thumb_width,$thumb_width) or die('Cannot initialize new GD image stream'); $extension = get_image_extension($source); if($extension=='jpg' || $extension=='jpeg') $image = imagecreatefromjpeg($source); if($extension=='gif') $image = imagecreatefromgif($source); if($extension=='png') $image = imagecreatefrompng($source); imagecopyresampled($new_image,$image,0,0,$x,$y,$thumb_width, $thumb_width,$width,$height); if($extension=='jpg' || $extension=='jpeg') imagejpeg($new_image,$destination); if($extension=='gif') imagegif($new_image,$destination); if($extension=='png') imagepng($new_image,$destination); } //Get Extension Function function get_image_extension($name) { $name = strtolower($name); $i = strrpos($name,"."); if (!$i) { return ""; } $l = strlen($name) - $i; $extension = substr($name,$i+1,$l); return $extension; } //Random Name Function function random_name($length) { $characters = "abcdefghijklmnopqrstuvwxyz01234567890"; $name = ""; for ($i = 0; $i < $length; $i++) { $name .= $characters[mt_rand(0, strlen($characters) - 1)]; } return "image-".$name; } $images_location = "/project_files/"; $thumbs_location = "/project_thumbs/"; $thumb_width = "100"; $maximum_size = "5000000"; //Check And Save Image if($_POST) { if($_FILES['image']['name'] == ""){ $results = "Please select the image you would like to upload by clicking browse"; } else{ $size=filesize($_FILES['image']['tmp_name']); $filename = stripslashes($_FILES['image']['name']); $extension = get_image_extension($filename); if($size > $maximum_size) { $results = "Your file size exceeds the maximum file size!"; } else if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { $results = "Only the following extensions are allowed. 'jpg', 'jpeg', 'png', 'gif'."; } else { $image_random_name=random_name(15).".".$extension; $copy = @copy($_FILES['image']['tmp_name'], $images_location.$image_random_name); if (!$copy) { $results = "Error while uploadin your image! Please try again!"; } else{ create_thumbnail($images_location.$image_random_name,$thumbs_location.$image_random_name, $thumb_width); $results = "Your image has been uploaded!"; } } } } ?> and the form Code: [Select] <html> <head> <title>test</title> </head> <body> <?php echo $results; ?> <form action="#" method="post" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="5000000" /> <input type="file" name="image" /> <input type="submit" value="Upload Image" /> </form> </body> </html> Ok, so i've managed to upload images, but now i'm trying to rename them to avoid replacement and i've done something like this: mysql_query( "INSERT INTO `softmarket`.`internet_securitate` (`internet_securitateID`, `nume_produs`, `descriere`, `versiune`,`poza`, `pret`, `disponibilitate_produs`) VALUES ('', '$_POST[titlu]', '$_POST[descriere]', '$_POST[versiune]', '$foto', '$_POST[pret]', '$_POST[disponibilitate]');"); Code: [Select] function findexts ($filename) { $filename = strtolower($filename) ; $exts = split("[/\\.]", $filename) ; $n = count($exts)-1; $exts = $exts[$n]; return $exts; } $ext = findexts ($_FILES['foto']['name']) ; $ran2 = $foto."."; $target = "../images/"; $target = $target . $ran2.$ext; while (file_exists($target)) { $ran2 = 'copyof'.$ran2; $target = $target . $ran2.$ext; } if(move_uploaded_file($_FILES['foto']['tmp_name'], $target)) { echo "The file has been uploaded as ".$ran2.$ext; } else { echo "Sorry, there was a problem uploading your file."; } header('Location: succes.php'); but it renames them in a wierd way...what is wrong? Hi, I have a pretty simple application that allows my users to upload images and i'm able to succesfull upload images to a new dir to be outputted. But as to save on download time and server space is there a simple piece of code I can add to the below code that will resize every image on uploded to 460(w) x 300 (h) from my users Code: [Select] <?php if ((($_FILES["article_image"]["type"] == "image/gif") || ($_FILES["article_image"]["type"] == "image/jpeg") || ($_FILES["article_image"]["type"] == "image/pjpeg")) && ($_FILES["article_image"]["size"] < 5000000)) { move_uploaded_file($_FILES["article_image"]["tmp_name"], "images/" . $_FILES["article_image"]["name"]); } ?> Thanks in advance for any help and suggestions Hi, I have this upload script that uploads a file and writes path to DB: Code: [Select] <?php $uploadDir = '../uploads/'; if(isset($_POST['upload'])) { foreach ($_FILES as $file) { $fileName = $file['name']; $tmpName = $file['tmp_name']; $fileSize = $file['size']; $fileType = $file['type']; if($fileName==""){ $filePath = '../img/none.jpg'; } else{ $filePath = $uploadDir . $fileName; } if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } $fileinsert[]=$filePath; } ?> this works fine for a single image, but I eed to upload 2 images with a single submission....any ideas how to do this? Thanks Hi guys, i have a form that uploads a school photo. All i want to do is resize the image to its widest dimension of a width of 480 px and then obviously constrain the height. can anyone help me, ive tried to do this myself but when it comes to image properties i really struggle etc. heres my upload code. Code: [Select] <?php include("includes/connection.php"); // Where the file is going to be placed $schoolimage = "SchoolImages/"; //This path will be stored in the database as it does not contain the filename $currentdir = getcwd(); $path = $currentdir . '/' . $schoolimage; // Get the schoolid for the image and school linker table $schoolid = $_POST['schoolid']; //Get the school name $query = "SELECT * FROM school WHERE school_id = ".$schoolid; $result = mysql_query($query) or die("Error getting school details"); $row = mysql_fetch_assoc($result); $schoolname = $row['name']; //Use this path to store the path of the file in the database. $filepath = $schoolimage . $schoolname; //Create the folder if it does not already exist if(!file_exists('SchoolImages')) { if(mkdir('SchoolImages')) { echo 'Folder ' . 'SchoolImages' . ' created.'; } else { echo 'Error creating folder ' . 'SchoolImages'; } } //Store the folder for the course title. if(!file_exists( $filepath )) { if(mkdir( $filepath )) { echo 'Folder ' . $schoolname . ' created.'; } else { echo 'Error creating folder ' . $schoolname; } } // Where the file is going to be placed $target_path = $filepath; // Add the original filename to our target path. Result is "uploads/filename.extension" echo $target_path = $target_path . '/' . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name'])." has been uploaded"; $filename = $_FILES['uploadedfile']['name']; //Store the filename, path other criteria in the database echo $query = "INSERT INTO image(image_id, name, path) VALUES(0, '$filename', '$filepath')"; //Perform the query $add = mysql_query($query, $conn) or die("Unable to add the image details to the database"); $imageid = mysql_insert_id(); //Store the filename, path other criteria in the database echo $query = "INSERT INTO image_school( image_id, school_id ) VALUES('$imageid', '$schoolid')"; //Perform the query $add = mysql_query($query, $conn) or die("Unable to add the image details to the database"); $message = 'Upload Successful'; } else { $message = 'There was an error uploading the file, please try again!'; } //Close the connection to the database mysql_close($conn); header("Location: add_school_photo_form.php? message={$message}&schoolid={$schoolid}"); //header("Location: add_school_photo_form.php? message=$message, schoolid=$schoolid"); exit(); ?> Id be eternially gratefull. Kind Regards Dean please help me to solve this problem : when my client want to remove a record all the related images must be deleted with it ,is that possible?? I am looking to display image paths in a row separated by commas. There are 6 images that goes to each user and I would like only the 6 images at be in each " " Like this: "images/listings/listing_516013019A-only.jpg,images/listings/listing_848813453A-1.jpg,images/listings/listing_664613453A-2.jpg,images/listings/listing_520313453A-3.jpg,images/listings/listing_690513453A-4.jpg,images/listings/listing_125113453A-5.jpg,images/listings/listing_641013453A-6.jpg," "images/listings/listing_736913186A-1.jpg,images/listings/listing_822713186A-2.jpg,images/listings/listing_136513186A-3.jpg,images/listings/listing_700313186A-4.jpg,images/listings/listing_716013186A-5.jpg,images/listings/listing_213113186A-6.jpg," "images/listings/listing_292113254A..-1.jpg,images/listings/listing_854413254A..-2.jpg,images/listings/listing_446013254A..-3.jpg,images/listings/listing_676313254A..-4.jpg,images/listings/listing_563413254A..-5.jpg,images/listings/listing_341513254A..-6.jpg," Right now it is displaying them like this "images/listings/listing_516013019A-only.jpg," "images/listings/listing_848813453A-1.jpg," "images/listings/listing_664613453A-2.jpg," "images/listings/listing_520313453A-3.jpg," "images/listings/listing_690513453A-4.jpg," "images/listings/listing_125113453A-5.jpg," "images/listings/listing_641013453A-6.jpg," "images/listings/listing_736913186A-1.jpg," "images/listings/listing_822713186A-2.jpg," "images/listings/listing_136513186A-3.jpg," "images/listings/listing_700313186A-4.jpg," "images/listings/listing_716013186A-5.jpg," "images/listings/listing_213113186A-6.jpg," "images/listings/listing_292113254A..-1.jpg," "images/listings/listing_854413254A..-2.jpg," "images/listings/listing_446013254A..-3.jpg," "images/listings/listing_676313254A..-4.jpg," "images/listings/listing_563413254A..-5.jpg," "images/listings/listing_341513254A..-6.jpg," Here is the code I have: Code: [Select] <?php // Make a MySQL Connection mysql_connect("localhost", "xxxxxxxx", "xxxxxxxx") or die(mysql_error()); mysql_select_db("xxxxxxxx") or die(mysql_error()); $result = mysql_query("SELECT * FROM listimages ORDER BY listimages.listingid DESC ") or die(mysql_error()); while($row = mysql_fetch_array($result)) { echo "\""; echo "$row[imagepath],"; echo "\""; echo "<br>"; } ?> My tables for the images is "listimages" and the columns a id (which are the auto_increments) imagepath (which shows the path/image1.jpg) mainimage (which just shows 0 or 1 depending on the picture that is the default for that listing, 1 being default) listingid (shows numbers 1 2 3 etc corresponding to the Id in the listings table to show what images go with what listing) There are up to 6 images for each listing. Any idea how to fix this? |
|||||||